Re: Intel 510 and Snort?

[Vitaly Fedrushkov <willy () lukoil uu ru>]

Good $daytime,

> Date: Mon, 1 Oct 2001 11:38:20 -0500 (CDT)
> From: Nate Carlson <natecars () real-time com>
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Intel 510 and Snort?

> Anyone know if it's possible to configure a Cisco-style 'Span' on an Intel
> 510 switch?

> All I can find is port mirroring, and that's considered a 'diagnostic'
> tool on the Intel switch.. changes aren't saved on a reboot.  :(

Well, you can write an expect script (use 'autoexpect' if you are new
to it) which should telnet into switch and do the task.

Regarding when one should run it, there are three options.  Dumb one
is to set up a cron job.  If you can safely assume your switch is
starting first, then it belongs to your server (or Snort itself)
startup sequence.  And vice versa, if your switch gets reset every so
often, you can monitor your syslog waiting for DHCP discovery and
then...

Bad news, however, are that such script will contain administrative
password for device.

Hope this helps.

  Regards,
  Willy.

--
No easy hope or lies        | Vitaly "Willy the Pooh" Fedrushkov
Shall bring us to our goal, | Control Systems and Processes Division
But iron sacrifice          | LUKOIL Company, Chelyabinsk Branch
Of Body, Will and Soul.     | willy () lukoil uu ru  +7 3512 620367
                  R.Kipling | VVF1-RIPE



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users